Anyone tried out www.hackerone.com? I was thinking, now as an experienced developer, of dipping my toes in the security/bug bounty space.
That place seems like a good one to try out.
Hacker1
Re: Hacker1
Did a quick try a while back, but being too easily stressed I had to stop. I would pick something obscure to play around with OR, like some other people have been doing, focus on automating it :D.
"The best place to hide a tree, is in a forest"
Re: Hacker1
Oh yes, love to automate stuff nowadays
That's probably what I'll focus on - create new tooling / automation.
Any pointers there? Like what would you like to see being automated or having a tool for?
Re: Hacker1
Well, I would do my research first.
Start by picking 10-20 sites from HackerOne that you want to focus on.
Research what vulns they accept, and automate that (like XSS).
Of course others are probably doing this, so you may not want to jump straight to automating, but first find your "thing".
When I did bug bounty hunting my biggest mistake was not researching the company first. I found a number of vulns, but only one of the companies actually paid me for it (which I would have known if I had read their documentation on Hacker1 properly first).
"The best place to hide a tree, is in a forest"
Re: Hacker1
I'll snoop around, thanks!
Re: Hacker1
Haha talk about coincidences, just yesterday I sent a link to bb saying that he was probably one of the reasons for their website bug bounty.
https://hackerone.com/fetlife?type=team
- bad_brain
- Site Owner
Re: Hacker1
maboroshi wrote: ↑26 Mar 2021, 13:40
Haha talk about coincidences, just yesterday I sent a link to bb saying that he was probably one of the reasons for their website bug bounty.
https://hackerone.com/fetlife?type=team

I might submit a bug, using RoR counts as one, right?
but seriously, until mab told me about that site I had never heard of it. might be a good way to make some bucks, but on the other hand it's kinda pathetic that companies raking in a huge amount of money obviously don't even have their own security department for quality assurance....